Re: Trusted VI on HP-UX?

Another slution would be to initialize compartments on your system (cmpt_tune -e, needs a reboot unfortunately), make a copy of the vi binary to whatever name you like, create a compartment (like /etc/cmpt/vi.rules) which restricts access & permissions for executables in this compartment.With setfilexsec -c , you can assign your vi-copy to this comparment. From that point on, anyone running this copy of vi will have limited system access. Even if it is root.You can even prevent the user from forking a shell from within vi, and as such prevent anyone from executing any command from within your vi.

In HP-UX 11i v2, compartments was an add-on software. In HP-UX 11i v3, it is a standard functionality.

We use multiple compartments to limit unauthorized sysyem access, especially for applications that are reqchable from the internet.